Admin l Thursday, October 28, 2021
Fighting the surge in ransomware attacks in South Africa with EDR solutions
JOHANNESBURG, South Africa – When cyber attacks are on the rise, as they certainly have been in South Africa this year, an organisation cannot afford to have its cyber security operating in a reactive manner.
And yet, far too many businesses operate in this manner, making them prime targets for a breach. This is according to Milad Aslaner, Senior Director, Cyber Defense Strategy at SentinelOne, which helps organisations to prevent, detect, respond to and remediate end-point threats using artificial intelligence (AI) and machine learning. Its endpoint security products are distributed throughout Africa by Networks Unlimited.
Aslaner explains: “Endpoints including laptop computers, tablets and phones provide entry points to a wider network penetration that could harm the organisation, and which is one of the goals of ransomware attacks. Endpoint protection therefore plays a critical role in the overall protection of the network in safeguarding valuable data and information.
“However, at the same time, the evolution of endpoint security technology has created an environment that is confusing, with many different vendors seeming to offer similar services. Issues such as data overload, and a lack of looking at the bigger picture, can help to create a situation in which the organisation’s security posture has become reactive, which also assists threat actors to successfully breach security weak spots.”
Aslaner says SentinelOne has noted that issues such as the following can combine to have a negative impact on an organisation’s security:
· Too many tools: A functional overlap creates operational difficulties and expense.
· Too many bottlenecks: The need to coordinate people, processes, and technology creates scaling problems.
· Too much noise: Raw, uncorrelated data slows down the ability to respond fast enough.
· Too many blind spots creates poor coverage for modern threats.
· Too few experts: There are too few experts with scarce high-end skills, and limited staffing issues.
“Organisations should prioritise cybersecurity before an attack happens, but also be able to recover from a breach as soon as possible,” comments Stefan van de Giessen, General Manager: Cybersecurity at Networks Unlimited. “We know that South Africa’s many socio-economic problems mean that cybersecurity is low on the agenda for many companies and government entities, but we cannot be complacent, or adopt a head-in-the-sand approach.
“Cybercrime in South Africa seems to be on the rise following recent cyberattacks, and it is likely to get worse. The unprecedented July ransomware breach on the systems of Transnet, the country’s ports, rail and pipelines operator, had a massive impact on the country. The attack caused chaos at the container terminals in the ports of Durban, Ngqura, Gqeberha and Cape Town because of ‘an act of cyberattack, security intrusion and sabotage’ https://www.dailymaverick.co.za/opinionista/2021-08-04-transnet-ports-closed-and-were-in-the-dark/. As a result, businesses found themselves being unable to move their goods in and out of the country.”
Durban is South Africa’s busiest port, handling some 60 percent of the country’s imports. Because manual processes had to be implemented at Transnet, this only served to compound existing supply chain disruptions caused by the pandemic in general and, more specifically, the July social unrest in the country https://www.investec.com/en_za/focus/economy/transnet-cyberattack-could-have-catastrophic-consequences.html.
“The pandemic and the social unrest were, of course, beyond our individual control, but it should certainly be within our abilities to ensure that we have adequate cybersecurity for our organisations, particularly our vital state-owned operations,” comments Van de Giessen. “This is why implementing the solutions offered by a company like SentinelOne are more critical than ever before.”
According to Aslaner, implementing state-of-the-art endpoint detection and response (EDR) will help an organisation to be proactive against cyberthreats instead of reactive.
The SentinelOne solution can be deployed on-premise or in the cloud, depending on the customer’s preference and requirements. The solution can additionally be used in both online as well as offline formats, and also offers real ease of deployment.
“With more people working from home and relying on often insecure internet connections, cyber incursions have become more frequent around the world,” says Aslaner. “This is because the operating models for the organisations are not designed to cope with working-from-home arrangements. With users and end points no longer being within the premises, this introduces new blind spots.
“However, the issue is much bigger than ease of corporate access. It involves not having the right solutions in place, as well as also data overload, meaning that engineers are not capable of reacting to a threat when it happens. The increased sophistication in cyberattacks, as well as their growing numbers, means that new and more effective security models are required. Antivirus solutions are not sufficient, and even next-generation antivirus solutions are not enough. A converged and combined solution is required that involves an automated response, and experts to manage the platform.”
“The Transnet breach is just one state-owned entity attack that the country has seen recently,” adds Van de Giessen. “Cyber criminals have gained access to the Department of Justice and the South African National Space Agency, which were also both hit with ransomware attacks https://www.dailymaverick.co.za/article/2021-09-09-cyber-bandits-target-south-africa-department-of-justice-space-agency-hit-by-ransomware-attacks/.
“We need to be mindful of further potential attacks on infrastructure, because if hackers penetrate the computer servers of organisations such as those of transport, energy or communications, the effects will once again be dire. These are critical systems which require proactive security solutions,” he concludes.